Critical severityNVD Advisory· Published Jun 12, 2024· Updated Mar 19, 2025

Apache Submarine Server Core: authorization bypass

CVE-2024-36265

Description

UNSUPPORTED WHEN ASSIGNED Incorrect Authorization vulnerability in Apache Submarine Server Core.

This issue affects Apache Submarine Server Core: from 0.8.0.

As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

ghsa-coords2 versions
pkg:maven/org.apache.submarine/submarine-server-core pkg:pypi/apache-submarine
(expand)+ 1 more
- (no CPE)
- (no CPE)
Apache/Submarine Server Corecpe-rescue
Range: 0.8.0

Patches

Vulnerability mechanics

References

github.com/advisories/GHSA-6q97-8v3g-rpxwghsaADVISORY
lists.apache.org/thread/prckhhst19qxof064hsm8cccxtofvflzghsavendor-advisoryWEB
nvd.nist.gov/vuln/detail/CVE-2024-36265ghsaADVISORY
www.openwall.com/lists/oss-security/2024/06/12/3ghsaWEB
github.com/pypa/advisory-database/tree/main/vulns/apache-submarine/PYSEC-2024-98.yamlghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000